US7325249B2 - Identifying unwanted electronic messages - Google Patents


Info

Publication number
US7325249B2
Authority
US
United States
Prior art keywords
electronic mail
mail message
security condition
transmitted
message
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active, expires
Application number
US10/059,147
Other versions
US20020162025A1 (en)
Inventor
Lorin R. Sutton, Jr.
Craig E. Despeaux
Michael K. Adamski
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Google LLC
Original Assignee
AOL LLC
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by AOL LLC
Priority to US10/059,147 (patent US7325249B2)
Assigned to AMERICA ONLINE, INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: ADAMSKI, MICHAEL, DESPAUX, CRAIG E., SUTTON, LORIN
Publication of US20020162025A1
Assigned to AOL LLC, A DELAWARE LIMITED LIABILITY COMPANY (FORMERLY KNOWN AS AMERICA ONLINE, INC.): CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: AMERICA ONLINE, INC.
Priority to US12/020,630 (patent US7954155B2)
Application granted
Publication of US7325249B2
Assigned to BANK OF AMERICAN, N.A. AS COLLATERAL AGENT: SECURITY AGREEMENT. Assignors: AOL ADVERTISING INC., AOL INC., BEBO, INC., GOING, INC., ICQ LLC, LIGHTNINGCAST LLC, MAPQUEST, INC., NETSCAPE COMMUNICATIONS CORPORATION, QUIGO TECHNOLOGIES LLC, SPHERE SOURCE, INC., TACODA LLC, TRUVEO, INC., YEDDA, INC.
Assigned to AOL INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AOL LLC
Assigned to NETSCAPE COMMUNICATIONS CORPORATION, AOL ADVERTISING INC, MAPQUEST, INC, GOING INC, SPHERE SOURCE, INC, LIGHTNINGCAST LLC, QUIGO TECHNOLOGIES LLC, YEDDA, INC, TRUVEO, INC, AOL INC, TACODA LLC: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS. Assignors: BANK OF AMERICA, N A
Assigned to MARATHON SOLUTIONS LLC: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: AOL INC.
Assigned to BRIGHT SUN TECHNOLOGIES: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: MARATHON SOLUTIONS LLC
Assigned to GOOGLE INC.: ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: BRIGHT SUN TECHNOLOGIES
Assigned to GOOGLE LLC: CHANGE OF NAME (SEE DOCUMENT FOR DETAILS). Assignors: GOOGLE INC.
Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00: Network architectures or network communication protocols for network security
    • H04L63/14: Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1441: Countermeasures against malicious traffic
    • H04L63/145: Countermeasures against malicious traffic the attack involving the propagation of malware through the network, e.g. viruses, trojans or worms
    • G: PHYSICS
    • G06: COMPUTING; CALCULATING OR COUNTING
    • G06F: ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00: Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50: Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems

Definitions

  • This invention relates to the identification of unwanted electronic messages in a message exchanging system.
  • the performance of a message exchanging system may be improved.
  • a payload portion of a message being communicated is inspected and characteristics of the payload portion are identified and compared with stored data indicating characteristics of at least one other message that has been inspected.
  • a security condition is identified based on the comparison.
  • the performance of a message exchanging system may be improved by inspecting a message being communicated to a first device in a message exchanging system of two or more devices and identifying characteristics of the message. Characteristics of the message are compared with stored data indicating characteristics of at least one other message communicated to a second device, and a security condition is identified based on the comparison.
  • Implementations may include one or more of the following features.
  • the characteristics of the payload portion include information other than address information.
  • the characteristics of the payload portion inspected do not include address information.
  • the message exchanged may include an electronic mail message.
  • the characteristics may be tracked for comparison against characteristics of future messages, and the characteristics of a new message may be compared with the characteristics of at least one message that has been tracked. Comparing characteristics may include comparing characteristics with stored characteristics of other communicated messages.
  • Implementations may include rejecting the message if the security condition identified includes a hostile indicator.
  • the hostile indicator may be revealed as a hostile indicator when comparing characteristics of the messages inspected reveals a threshold of messages having a shared characteristic.
  • the security condition may include an indeterminate indicator. Implementations may include determining that the security condition includes an indeterminate indicator when the characteristics, standing alone, do not reveal a hostile security condition, but the characteristics may do so in combination with similar characteristics of other messages, including those exchanged in the future. Implementations may include removing messages with these characteristics if these characteristics subsequently generate a hostile indicator for a security condition. The message may be accepted if the security condition includes an indeterminate indicator.
  • Implementations may include generating a neutral indicator for the security condition. If the security condition includes a neutral indicator, the message exchanging system may accept the message.
  • Implementations also may include inspecting messages sent or received by more than a single device.
  • Implementations may include a system capable of achieving the above features, for instance, a remote exchanging system, a local exchanging system, and a network between these components. Implementations also may include rearranging the sequence of steps performed on the local exchanging system to achieve these features.
  • FIG. 1 is a diagram of a message exchanging system with the ability to examine exchanged messages for unwanted messages.
  • FIG. 2 is a diagram of an exemplary structure of a message that may be exchanged in a communications system such as that shown in FIG. 1.
  • FIGS. 3-6 are flow charts illustrating steps performed in exchanging a message.
  • FIGS. 1-6 describe message exchanging systems and processes capable of determining whether an electronic message being communicated is unwanted.
  • a message exchanging system inspects an exchanged message by determining one or more characteristics of the message and comparing them to one or more characteristics found in other messages. Based on this comparison, a security condition may be identified, and a responsive action taken. For instance, the message may be discarded if the security condition is deemed hostile. The message may be accepted if the security condition is deemed neutral or better, or the message may be tracked if the security condition is deemed indeterminate to enable responsive action based on future or other comparisons involving the characteristics of this or another exchanged message.
  • a message exchanging system 100 may be structured and arranged to transmit messages between a remote exchanging system 110 and a local exchanging system 130 through a network 120.
  • For brevity, each of these elements is represented as a monolithic entity.
  • any or all of system 110 , the network 120 and the system 130 may include numerous interconnected computers and components designed to perform a set of specified operations and/or dedicated to a particular geographical region.
  • the remote exchanging system 110 and the local exchanging system 130 are structured and arranged to exchange one or more messages across network 120 .
  • Each of the remote exchanging system 110 and the local exchanging system 130 may be implemented by a general-purpose computer capable of responding to and executing instructions in a defined manner.
  • Each of the remote exchanging system 110 and the local exchanging system 130 may include a personal computer, a special-purpose computer, a workstation, a server, a device, a component, other equipment or some combination thereof capable of responding to and executing instructions.
  • Each may be structured and arranged to receive instructions from, for example, a software application, a program, a piece of code, a device, a computer, a computer system, or a combination thereof, which independently or collectively directs operations, as described herein.
  • the instructions may be embodied permanently or temporarily in any type of machine, component, equipment, storage medium, or propagated signal that is capable of being delivered to the remote exchanging system 110 or the local exchanging system 130 .
  • the remote exchanging system 110 includes a dedicated mailing system. Such a dedicated mailing system may be implemented by specialized hardware or executed by a general purpose processor capable of running various applications such as electronic mailer programs, either or both being capable of employing various message transfer protocols such as SMTP (“Simple Mail Transfer Protocol”).
  • the remote exchanging system 110 may include a communications interface (not shown) in an information delivery network.
  • the remote exchanging system 110 may include an electronic mail gateway.
  • the remote exchanging system 110 generally communicates with the local exchanging system 130 using network 120 .
  • the network 120 typically is structured and arranged to enable direct or indirect communications between the remote exchanging system 110 and the local exchanging system 130 .
  • Examples of the network 120 include the Internet, the World Wide Web, one or more WANs (“Wide Area Networks”), one or more LANs (“Local Area Networks”), one or more analog or digital wired or wireless telephone networks (e.g., PSTN (“Public Switched Telephone Network”), ISDN (“Integrated Services Digital Network”), or xDSL (“Digital Subscriber Loop”) network), a radio, a television, a cable, a satellite, and/or other delivery mechanisms for carrying data.
  • the network 120 may include a direct link between the remote exchanging system 110 and the local exchanging system 130 , or the network 120 may include one or more networks or subnetworks between them. Each network or subnetwork may include, for example, a wired or wireless data pathway capable of carrying and receiving data between remote exchanging system 110 and local exchanging system 130 .
  • the local exchanging system 130 is structured and arranged to exchange one or more messages with remote exchanging system 110 across network 120 .
  • the local exchanging system 130 may include or form part of an information delivery system, such as, for example, an electronic mail system, the World Wide Web, or an online service provider network.
  • the local exchanging system 130 is structured and arranged to receive one or more messages.
  • the local exchanging system 130 may include various components, including one or more of an inspection module 131 , a comparison module 132 , a data store of characteristics 133 , and a security module 134 , as illustrated by FIG. 1 .
  • each of the modules and data store 133 may be independently or collectively implemented by, for example, a general-purpose computer.
  • the inspection module 131 may be structured and arranged to exchange and analyze a message or one or more characteristics of the message or its payload portion when communicated with one or more devices, such as another local exchanging system 130 A.
  • the comparison module 132 may be structured and arranged to compare the characteristics of the payload portion of the inspected message with a data store of characteristics 133 or to compare the characteristics of messages exchanged across more than one device with a data store of characteristics 133 .
  • the data store 133 may be structured and arranged to include a compilation of suspect message characteristics identified as potentially problematic, suspicious or profile-matching. Examples of such characteristics include, but are not limited to, the existence or attributes of text, a key word, a name, a physical size and/or content of an attached file, and the address of hyper text embedded in a message. When messages exchanged across more than one device are inspected, and collectively used to identify unwanted or suspect messages, characteristics stored in data store 133 also may include an IP address, a sender identification and domain name information (e.g., name.com).
  • Implementations of the data store 133 may include database software structured and arranged to manage information relating to characteristics of the messages.
  • the database software may keep a table of entries or terms that the local exchanging system 130 is inspecting and tracking. Each entry may include a counter indicating the number of times the entry has appeared.
  • the entry also may include a location parameter including addresses or message identifiers indicating messages in which the entry appears. Referencing this location parameter enables retrieval of messages subsequently determined to be unwanted.
  • the security module 134 may be structured and arranged to identify a security condition based on results from the comparison module 132 .
  • the message exchanging system 100 may include more than one local exchanging system 130 structured and arranged to communicate messages, as depicted by local exchanging system 130 A in FIG. 1 .
  • an organization may use multiple servers capable of exchanging messages and may distribute messages to be communicated across the multiple servers in a manner that balances the load.
  • FIG. 2 shows an exemplary structure of a message 200 of the type exchanged in FIG. 1 .
  • the message 200 may include, e.g., an electronic mail message and a file attachment.
  • the message 200 may be structured and arranged to include a header field 210 and a payload portion 220 .
  • the header field 210 typically includes addressing information to describe the destination of the message.
  • the header field 210 may include an IP address, a mail recipient identifier, a PC identifier, and/or an online identity.
  • the payload portion 220 typically includes information other than address or identification information, such as information to be communicated to the person or system identified by the header field 210 .
  • the payload portion field 220 may include a letter in an electronic mail message, an attached file in an electronic mail message, or a hypertext link in a file.
  • FIG. 3 illustrates a method of identifying unwanted messages in a message exchanging system, such as local exchanging system 130 described with reference to FIG. 1 .
  • an unwanted message may be identified by identifying a security condition for a message (step 310 ), determining whether the security condition is hostile, indeterminate or neutral (step 320 ), and taking an action based on the security condition identified (steps 330 , 340 and 350 ).
  • a local exchanging system identifies a security condition for a message exchanged (step 310 ).
  • Implementations may include systems that inspect the payload portion of a message. An example of operations performed by systems that inspect the payload portion is described further with respect to FIG. 4.
  • Implementations also may include systems that inspect both the header field and the payload portion. Such systems may be used where messages are exchanged across more than one local exchanging system.
  • identifying a security condition involves comparing one or more parameters appearing in a message with stored data indicating that the message may be hostile.
  • the stored data generally indicate characteristics of at least one other message previously inspected.
  • the local exchanging system determines whether the security condition is hostile, neutral, or indeterminate (step 320 ).
  • a hostile security condition indicates that, based on parameters of the message, the message has a profile that resembles an unwanted message (e.g., spam, objectionable content) or a malicious message (e.g., viruses, worms).
  • a neutral security condition indicates that, based on the parameters of the message and based on the data presently stored, the message does not resemble messages considered to be unwanted or malicious.
  • An indeterminate condition indicates that, based on the parameters of the message, the message has a profile that is of concern and may subsequently be identified as a hostile message.
  • an exchanging system may receive a large number of messages from one source. After a threshold number of messages are exchanged, the message may be identified as a hostile message. Messages leading to the threshold number may initially generate a neutral, then an indeterminate indicator, before the threshold iteration of the message generates a hostile indicator.
  • the local exchanging system rejects the message (step 330 ).
  • rejecting the message may include not transmitting the message.
  • storage and processing of rejected messages may be prevented, or to the extent that rejected messages are stored, an alarm may be generated and/or sent to an administrator.
  • the local exchanging system generally processes (e.g., transmits or receives) messages for which the security condition includes a neutral indicator indicating that the characteristics of the exchanged message correspond to those messages considered not hostile (step 340).
  • the local exchanging system also generally processes messages for which the security condition includes an indeterminate indicator, as this security condition indicates that the characteristics of the message do not correspond to a hostile condition at this time but may reveal a hostile indicator in the future in combination with other received messages having similar characteristics (step 350 ).
  • the local exchanging system may index the message that has been processed to enable subsequent action to be taken if the message is recategorized. Similarly, characteristics may be counted to better categorize the message.
  • FIG. 4 illustrates a procedure 400 that represents one method of identifying a security condition by inspecting the payload portion of a message in a message exchanging system.
  • Procedure 400 includes exchanging a message (step 410 ), inspecting the payload portion of the message (step 420 ), comparing the characteristics of the payload portion of the message with a data store of characteristics of other messages (step 430 ), and identifying a security condition based on the comparison of the characteristics (step 440 ).
  • procedure 400 is performed by a message exchanging system, such as local exchanging system 130 of FIG. 1 .
  • a message or file is exchanged between a sender and a receiver, such as remote exchanging system 110 and local exchanging system 130 (step 410 ).
  • the message may include an electronic mail message and/or an instant message, and the message may be transmitted to or from a local exchanging system.
  • the inspection module 131 inspects the payload portion of the message exchanged (step 420 ).
  • the payload portion generally corresponds to the payload portion of the message described previously in FIG. 2 .
  • Implementations may include inspecting more than one field in the payload portion.
  • the local exchanging system 130 may inspect the exchanged message to determine if the message includes hypertext links and/or attached documents. If the message includes a reference to information located outside the message, the external information being referenced also may be inspected. For example, in a message with a link to a file on a server, the local exchanging system may download and inspect the file.
  • the comparison module 132 compares the payload portion of the exchanged message, or characteristics thereof, with information from a data store 133 (step 430 ).
  • This information may include the payload portion, or characteristics thereof, of other exchanged messages that have been inspected.
  • the data store includes a database of the characteristics
  • the local exchanging system 130 may compare characteristics of the payload portion to those of other messages and add the compared characteristics to the data store.
  • the data store then may be updated as additional messages are received.
  • Other implementations may include having an administrator set parameters to inspect. For example, if an administrator learns in advance of a virus, the administrator may specify that all files with a suspect name or profile be entered into the data store of characteristics.
  • Comparing the characteristics may include comparing characteristics of an exchanged message with a subset of characteristics of other messages. For example, a local exchanging system may filter characteristics in the data store so that characteristics of an exchanged message are compared against the filtered subset of more suspect characteristics. The characteristics of the exchanged message may still be compiled into the data store. These characteristics may “bubble” into the filtered characteristics that are compared against if the characteristics continue to be received or are recategorized as more suspect.
  • the security module 134 determines a security condition based on the results of the comparison of the payload portion in the comparison module 132 (step 440 ).
  • FIG. 5 illustrates a procedure 500 by which a security condition is identified by inspecting both the header field and the payload portion of messages being communicated in a local exchanging system that includes two or more devices.
  • Procedure 500 involves exchanging a message (step 510 ), inspecting the message (step 520 ), comparing characteristics of the message with a data store of characteristics of other messages (step 530 ), and identifying a security condition based on the comparison (step 540 ).
  • procedure 500 is performed on a message exchanging system, such as that illustrated by local exchanging system 130 of FIG. 1 .
  • a message is exchanged (step 510 ) between a remote exchanging system and a local exchanging system, as is depicted in dashed lines in FIG. 1 .
  • the exchanged message then is inspected (step 520 ) by examining parameters both in the header field and the payload portion.
  • the local exchanging system compares the message inspected with characteristics of messages exchanged across more than one local exchanging system 130 (step 530 ).
  • the message exchanged across more than one local exchanging system 130 may be acquired in a synchronous or disparate manner.
  • the characteristics of messages compared may include characteristics of messages compiled from one server sending messages and another server receiving messages.
  • the two or more local exchanging servers may be situated in geographically diverse locations. For example, one local exchanging server may be located on the east coast while the other is located on the west coast.
  • Comparing characteristics of messages may include using a counter in conjunction with characteristics to determine a security condition. For example, a database may keep track of the number of times certain characteristics appear. As will be discussed, the counter may be a factor in determining the security condition.
  • the local exchanging system then identifies a security condition (step 540 ) based on the result of the comparison with messages exchanged across more than one local exchanging system.
  • the security condition may include a hostile indicator.
  • Determining that there is a hostile indicator may include tracking the number of suspect elements in a message.
  • a characteristic of the message is a suspect element when that characteristic is identified in the comparison against entries in the data store of characteristics 133 . For example, if a Uniform Resource Locator (“URL”) found in a message also exists in the data store of characteristics 133 , that correlation may be identified as a suspect element that implicates the message as a suspect message.
  • Determining that there is a hostile indicator may include quantifying suspect elements. For example, two suspect elements may generate an indeterminate indicator while three suspect elements generate a hostile indicator.
  • the security condition may be identified depending on the actual suspect element detected within the message. For example, messages with one particular suspect element H and no other elements of concern may always generate a hostile indicator while messages with a different single suspect element or a combination of other suspect elements may not generate a hostile indicator. Likewise, a message may include five suspect elements, but if one of the elements is a particular suspect element, the message may generate a neutral indicator. Examples may feature a hierarchy of suspect elements where one particular suspect element generates a neutral indicator unless another suspect element is present, in which case a hostile indicator is generated.
  • Implementations also may include having a suspect element generate an alarm score to gauge the level of concern.
  • a message may be inspected by identifying a sender, an attached file and an MD5 (“Message Digest 5”) signature as elements of concern.
  • the sender may receive a score of 10
  • the attached file may receive a score of 20
  • the MD5 signature may generate a score of 30 for a combined message score of 60. If the local exchanging system categorizes all messages with a score greater than 100 as hostile, the message may be considered indeterminate or neutral. However, in some implementations, if one of the elements of concern is exchanged with increasing frequency, the score associated with that element of concern may increase.
  • a local exchanging system may categorize a message as hostile initially if the score is above 100 and subsequently re-categorize as hostile any messages whose score rises above 130. In this case, the message is categorized with a hostile indicator upon review and the message is deleted. The local exchanging system may look up messages that were initially categorized with indeterminate indicators and subsequently re-categorized as hostile, and delete the re-categorized messages.
  • Determining a security condition also may include using neural networks to categorize and classify messages.
  • the use of neural networks enables a local exchanging system to “learn” based on changing message patterns and conditions.
  • Implementations also may include tracking messages that include an indeterminate indicator. Generally, these implementations apply to situations where the local exchanging system has permissions over other systems, but are not limited to such situations. Implementations in which the remote system is operated by a different entity may employ a protocol to allow the tracking of messages between the entities. For example, messages A, B and C each include characteristic Z, which may generate a hostile indicator if the characteristic Z occurs above a threshold number of times. The local exchanging system 130 may store messages A, B, and C, but will track the addresses at which the messages are located. If the local exchanging system 130 exchanges message D with characteristic Z, and the threshold number of times for characteristic Z to generate a hostile indicator is four or more times, then the local exchanging system 130 may reject message D. The local exchanging system 130 also may delete messages A, B, and C in response to the threshold having been reached, even after initially processing them.
  • FIG. 6 illustrates a procedure 600 by which a message with an indeterminate indicator is tracked, as was described generally in step 350 of FIG. 3 .
  • the implementations used to identify the security condition may include, but are not limited to, the steps described with respect to FIGS. 4 and 5 .
  • Procedure 600 is typically performed on a message exchanging system, such as local exchanging system 130 of FIG. 1 .
  • an exchanged message with an indeterminate indicator is processed (step 610 ). This generally includes transmitting a message or storing a received message.

Abstract

An unwanted message may be identified by inspecting the payload portion of a message being communicated, comparing the characteristics of the payload portion with stored data indicating characteristics of other messages, and identifying a security condition based on a comparison of the message inspected. The characteristics inspected may include the payload portion of a message or the whole message when the characteristics are being compared against messages being exchanged on more than one local exchanging system. Furthermore, the characteristics of messages may be tracked for comparison against the characteristics of future messages. A threshold number of those characteristics may subsequently implicate a hostile security condition, even if a current comparison of these characteristics does not reach the threshold necessary to implicate a hostile security condition.

Description

CROSS-REFERENCE TO RELATED APPLICATIONS
This application claims the benefit of U.S. Provisional Application No. 60/286,963 filed Apr. 30, 2001, which is incorporated by reference.
TECHNICAL FIELD
This invention relates to the identification of unwanted electronic messages in a message exchanging system.
BACKGROUND
Through the exchange of electronic messages, a new medium of communication has evolved. As this new communication medium has become more pervasive, growth has been experienced both in the electronic networks supporting electronic messages and the number of people having access to those electronic networks. With this growth, message exchangers have been subject to an increasing number of spam and other unwanted messages, as well as hacker attacks through electronic messaging.
SUMMARY
In one general aspect, the performance of a message exchanging system may be improved. A payload portion of a message being communicated is inspected and characteristics of the payload portion are identified and compared with stored data indicating characteristics of at least one other message that has been inspected. A security condition is identified based on the comparison.
In another general aspect, the performance of a message exchanging system may be improved by inspecting a message being communicated to a first device in a message exchanging system of two or more devices and identifying characteristics of the message. Characteristics of the message are compared with stored data indicating characteristics of at least one other message communicated to a second device, and a security condition is identified based on the comparison.
Implementations may include one or more of the following features. For example, the characteristics of the payload portion include information other than address information. The characteristics of the payload portion inspected do not include address information. The message exchanged may include an electronic mail message.
The characteristics may be tracked for comparison against characteristics of future messages, and the characteristics of a new message may be compared with the characteristics of at least one message that has been tracked. Comparing characteristics may include comparing characteristics with stored characteristics of other communicated messages.
Implementations may include rejecting the message if the security condition identified includes a hostile indicator. The hostile indicator may be revealed as a hostile indicator when comparing characteristics of the messages inspected reveals a threshold of messages having a shared characteristic.
The security condition may include an indeterminate indicator. Implementations may include determining that the security condition includes an indeterminate indicator when the characteristics, standing alone, do not reveal a hostile security condition, but the characteristics may do so in combination with similar characteristics of other messages, including those exchanged in the future. Implementations may include removing messages with these characteristics if these characteristics subsequently generate a hostile indicator for a security condition. The message may be accepted if the security condition includes an indeterminate indicator.
Implementations may include generating a neutral indicator for the security condition. If the security condition includes a neutral indicator, the message exchanging system may accept the message.
Implementations also may include inspecting messages sent or received by more than a single device.
Implementations may include a system capable of achieving the above features, for instance, a remote exchanging system, a local exchanging system, and a network between these components. Implementations also may include rearranging the sequence of steps performed on the local exchanging system to achieve these features.
The details of one or more implementations are set forth in the accompanying drawings and the description below. Other features and advantages will be apparent from the description and drawings.
DESCRIPTION OF DRAWINGS
FIG. 1 is a diagram of a message exchanging system with the ability to examine exchanged messages for unwanted messages.
FIG. 2 is a diagram of an exemplary structure of a message that may be exchanged in a communications system such as that shown in FIG. 1.
FIGS. 3-6 are flow charts illustrating steps performed in exchanging a message.
Like reference symbols in the various drawings indicate like elements.
DETAILED DESCRIPTION
For illustrative purposes, FIGS. 1-6 describe message exchanging systems and processes capable of determining whether an electronic message being communicated is unwanted. Generally, a message exchanging system inspects an exchanged message by determining one or more characteristics of the message and comparing them to one or more characteristics found in other messages. Based on this comparison, a security condition may be identified, and a responsive action taken. For instance, the message may be discarded if the security condition is deemed hostile. The message may be accepted if the security condition is deemed neutral or better, or the message may be tracked if the security condition is deemed indeterminate to enable responsive action based on future or other comparisons involving the characteristics of this or another exchanged message.
Referring to FIG. 1, a message exchanging system 100 may be structured and arranged to transmit messages between a remote exchanging system 110 and a local exchanging system 130 through a network 120. For brevity, each of these elements is represented as a monolithic entity. However, any or all of system 110, the network 120 and the system 130 may include numerous interconnected computers and components designed to perform a set of specified operations and/or dedicated to a particular geographical region.
Typically, the remote exchanging system 110 and the local exchanging system 130 are structured and arranged to exchange one or more messages across network 120. Each of the remote exchanging system 110 and the local exchanging system 130 may be implemented by a general-purpose computer capable of responding to and executing instructions in a defined manner. Each of the remote exchanging system 110 and the local exchanging system 130 may include a personal computer, a special-purpose computer, a workstation, a server, a device, a component, other equipment or some combination thereof capable of responding to and executing instructions. Each may be structured and arranged to receive instructions from, for example, a software application, a program, a piece of code, a device, a computer, a computer system, or a combination thereof, which independently or collectively directs operations, as described herein. The instructions may be embodied permanently or temporarily in any type of machine, component, equipment, storage medium, or propagated signal that is capable of being delivered to the remote exchanging system 110 or the local exchanging system 130.
One example of the remote exchanging system 110 includes a dedicated mailing system. Such a dedicated mailing system may be implemented by specialized hardware or executed by a general purpose processor capable of running various applications such as electronic mailer programs, either or both being capable of employing various message transfer protocols such as SMTP (“Simple Mail Transfer Protocol”). In addition or as an alternative, the remote exchanging system 110 may include a communications interface (not shown) in an information delivery network. For example, the remote exchanging system 110 may include an electronic mail gateway.
In any event, the remote exchanging system 110 generally communicates with the local exchanging system 130 using network 120. As such, the network 120 typically is structured and arranged to enable direct or indirect communications between the remote exchanging system 110 and the local exchanging system 130.
Examples of the network 120 include the Internet, the World Wide Web, one or more WANs (“Wide Area Networks”), one or more LANs (“Local Area Networks”), one or more analog or digital wired or wireless telephone networks (e.g., PSTN (“Public Switched Telephone Network”), ISDN (“Integrated Services Digital Network”), or xDSL (“Digital Subscriber Loop”) network), a radio, a television, a cable, a satellite, and/or other delivery mechanisms for carrying data. The network 120 may include a direct link between the remote exchanging system 110 and the local exchanging system 130, or the network 120 may include one or more networks or subnetworks between them. Each network or subnetwork may include, for example, a wired or wireless data pathway capable of carrying and receiving data between remote exchanging system 110 and local exchanging system 130.
Typically, the local exchanging system 130 is structured and arranged to exchange one or more messages with remote exchanging system 110 across network 120. The local exchanging system 130 may include or form part of an information delivery system, such as, for example, an electronic mail system, the World Wide Web, or an online service provider network. The local exchanging system 130 is structured and arranged to receive one or more messages.
The local exchanging system 130 may include various components, including one or more of an inspection module 131, a comparison module 132, a data store of characteristics 133, and a security module 134, as illustrated by FIG. 1. In general, each of the modules and data store 133 may be independently or collectively implemented by, for example, a general-purpose computer.
The inspection module 131 may be structured and arranged to exchange and analyze a message or one or more characteristics of the message or its payload portion when communicated with one or more devices, such as another local exchanging system 130A.
The comparison module 132 may be structured and arranged to compare the characteristics of the payload portion of the inspected message with a data store of characteristics 133 or to compare the characteristics of messages exchanged across more than one device with a data store of characteristics 133.
The data store 133 may be structured and arranged to include a compilation of suspect message characteristics identified as potentially problematic, suspicious or profile-matching. Examples of such characteristics include, but are not limited to, the existence or attributes of text, a key word, a name, a physical size and/or content of an attached file, and the address of hyper text embedded in a message. When messages exchanged across more than one device are inspected, and collectively used to identify unwanted or suspect messages, characteristics stored in data store 133 also may include an IP address, a sender identification and domain name information (e.g., name.com).
Implementations of the data store 133 may include database software structured and arranged to manage information relating to characteristics of the messages. For example, the database software may keep a table of entries or terms that the local exchanging system 130 is inspecting and tracking. Each entry may include a counter indicating the number of times the entry has appeared. The entry also may include a location parameter including addresses or message identifiers indicating messages in which the entry appears. Referencing this location parameter enables retrieval of messages subsequently determined to be unwanted.
The security module 134 may be structured and arranged to identify a security condition based on results from the comparison module 132.
Although described above with respect to a single local exchanging system 130, the message exchanging system 100 may include more than one local exchanging system 130 structured and arranged to communicate messages, as depicted by local exchanging system 130A in FIG. 1. For example, an organization may use multiple servers capable of exchanging messages and may distribute messages to be communicated across the multiple servers in a manner that balances the load.
FIG. 2 shows an exemplary structure of a message 200 of the type exchanged in FIG. 1. In general, the message 200 may include, e.g., an electronic mail message and a file attachment. The message 200 may be structured and arranged to include a header field 210 and a payload portion 220. The header field 210 typically includes addressing information to describe the destination of the message. The header field 210 may include an IP address, a mail recipient identifier, a PC identifier, and/or an online identity. The payload portion 220 typically includes information other than address or identification information, such as information to be communicated to the person or system identified by the header field 210. For instance, the payload portion field 220 may include a letter in an electronic mail message, an attached file in an electronic mail message, or a hypertext link in a file.
FIG. 3 illustrates a method of identifying unwanted messages in a message exchanging system, such as local exchanging system 130 described with reference to FIG. 1. Typically, an unwanted message may be identified by identifying a security condition for a message (step 310), determining whether the security condition is hostile, indeterminate or neutral (step 320), and taking an action based on the security condition identified (steps 330, 340 and 350).
Initially, a local exchanging system identifies a security condition for a message exchanged (step 310). Implementations may include systems that inspect the payload portion of a message. An example of operations performed by systems that inspect the payload portion is described further with respect to FIG. 4.
Implementations also may include systems that inspect both the header field and the payload portion. Such systems may be used where messages are exchanged across more than one local exchanging system.
Generally, identifying a security condition involves comparing one or more parameters appearing in a message with stored data indicating that the message may be hostile. The stored data generally indicate characteristics of at least one other message previously inspected.
The local exchanging system then determines whether the security condition is hostile, neutral, or indeterminate (step 320). A hostile security condition indicates that, based on parameters of the message, the message has a profile that resembles an unwanted message (e.g., spam, objectionable content) or a malicious message (e.g., viruses, worms).
A neutral security condition indicates that, based on the parameters of the message and based on the data presently stored, the message does not resemble messages considered to be unwanted or malicious.
An indeterminate condition indicates that, based on the parameters of the message, the message has a profile that is of concern and may subsequently be identified as a hostile message. For example, an exchanging system may receive a large number of messages from one source. After a threshold number of messages are exchanged, the message may be identified as a hostile message. Messages leading to the threshold number may initially generate a neutral, then an indeterminate indicator, before the threshold iteration of the message generates a hostile indicator.
If the message is hostile, the local exchanging system rejects the message (step 330). In the case of a message being transmitted, rejecting the message may include not transmitting the message. In the case of messages being received, storage and processing of rejected messages may be prevented, or to the extent that rejected messages are stored, an alarm may be generated and/or sent to an administrator.
The local exchanging system generally processes (e.g., transmits or receives) messages for which the security condition includes a neutral indicator indicating that the characteristics of the exchanged message correspond to those messages considered not hostile (step 340).
The local exchanging system also generally processes messages for which the security condition includes an indeterminate indicator, as this security condition indicates that the characteristics of the message do not correspond to a hostile condition at this time but may reveal a hostile indicator in the future in combination with other received messages having similar characteristics (step 350). As part of processing a message with an indeterminate indicator, the local exchanging system may index the message that has been processed to enable subsequent action to be taken if the message is recategorized. Similarly, characteristics may be counted to better categorize the message.
FIG. 4 illustrates a procedure 400 that represents one method of identifying a security condition by inspecting the payload portion of a message in a message exchanging system. Procedure 400 includes exchanging a message (step 410), inspecting the payload portion of the message (step 420), comparing the characteristics of the payload portion of the message with a data store of characteristics of other messages (step 430), and identifying a security condition based on the comparison of the characteristics (step 440). Typically, procedure 400 is performed by a message exchanging system, such as local exchanging system 130 of FIG. 1.
A message or file is exchanged between a sender and a receiver, such as remote exchanging system 110 and local exchanging system 130 (step 410). The message may include an electronic mail message and/or an instant message, and the message may be transmitted to or from a local exchanging system.
Next, in the implementation of FIG. 1, the inspection module 131 inspects the payload portion of the message exchanged (step 420). The payload portion generally corresponds to the payload portion of the message described previously in FIG. 2. Implementations may include inspecting more than one field in the payload portion. For example, the local exchanging system 130 may inspect the exchanged message to determine if the message includes hypertext links and/or attached documents. If the message includes a reference to information located outside the message, the external information being referenced also may be inspected. For example, in a message with a link to a file on a server, the local exchanging system may download and inspect the file.
The comparison module 132 compares the payload portion of the exchanged message, or characteristics thereof, with information from a data store 133 (step 430). This information may include the payload portion, or characteristics thereof, of other exchanged messages that have been inspected. Where the data store includes a database of the characteristics, the local exchanging system 130 may compare characteristics of the payload portion to those of other messages and add the compared characteristics to the data store. The data store then may be updated as additional messages are received. Other implementations may include having an administrator set parameters to inspect. For example, if an administrator learns in advance of a virus, the administrator may specify that all files with a suspect name or profile be entered into the data store of characteristics.
Comparing the characteristics may include comparing characteristics of an exchanged message with a subset of characteristics of other messages. For example, a local exchanging system may filter characteristics in the data store so that characteristics of an exchanged message are compared against the filtered subset of more suspect characteristics. The characteristics of the exchanged message may still be compiled into the data store. These characteristics may “bubble” into the filtered characteristics that are compared against if the characteristics continue to be received or are recategorized as more suspect.
In another implementation, the message may be compared against a data store corresponding to characteristics for messages exchanged locally. For example, a data store may correspond to messages exchanged on that system in a specified time span.
In the implementation of FIG. 1, the security module 134 determines a security condition based on the results of the comparison of the payload portion in the comparison module 132 (step 440).
FIG. 5 illustrates a procedure 500 by which a security condition is identified by inspecting both the header field and the payload portion of messages being communicated in a local exchanging system that includes two or more devices. Procedure 500 involves exchanging a message (step 510), inspecting the message (step 520), comparing characteristics of the message with a data store of characteristics of other messages (step 530), and identifying a security condition based on the comparison (step 540). Typically, procedure 500 is performed on a message exchanging system, such as that illustrated by local exchanging system 130 of FIG. 1.
Initially, a message is exchanged (step 510) between a remote exchanging system and a local exchanging system, as is depicted in dashed lines in FIG. 1.
The exchanged message then is inspected (step 520) by examining parameters both in the header field and the payload portion. The local exchanging system then compares the message inspected with characteristics of messages exchanged across more than one local exchanging system 130 (step 530). The message exchanged across more than one local exchanging system 130 may be acquired in a synchronous or disparate manner. For example, the characteristics of messages compared may include characteristics of messages compiled from one server sending messages and another server receiving messages. The two or more local exchanging servers may be situated in geographically diverse locations. For example, one local exchanging server may be located on the east coast while the other is located on the west coast.
Comparing characteristics of messages (step 530) may include using a counter in conjunction with characteristics to determine a security condition. For example, a database may keep track of the number of times certain characteristics appear. As will be discussed, the counter may be a factor in determining the security condition.
The local exchanging system then identifies a security condition (step 540) based on the result of the comparison with messages exchanged across more than one local exchanging system. The security condition may include a hostile indicator.
Determining that there is a hostile indicator may include tracking the number of suspect elements in a message. A characteristic of the message is a suspect element when that characteristic is identified in the comparison against entries in the data store of characteristics 133. For example, if a Uniform Resource Locator (“URL”) found in a message also exists in the data store of characteristics 133, that correlation may be identified as a suspect element that implicates the message as a suspect message.
Determining that there is a hostile indicator may include quantifying suspect elements. For example, two suspect elements may generate an indeterminate indicator while three suspect elements generate a hostile indicator.
In addition, or as an alternative, the security condition may be identified depending on the actual suspect element detected within the message. For example, messages with one particular suspect element H and no other elements of concern may always generate a hostile indicator while messages with a different single suspect element or a combination of other suspect elements may not generate a hostile indicator. Likewise, a message may include five suspect elements, but if one of the elements is a particular suspect element, the message may generate a neutral indicator. Examples may feature a hierarchy of suspect elements where one particular suspect element generates a neutral indicator unless another suspect element is present, in which case a hostile indicator is generated.
Implementations also may include having a suspect element generate an alarm score to gauge the level of concern. For example, a message may be inspected by identifying a sender, an attached file and an MD5 (“Message Digest 5”) signature as elements of concern. The sender may receive a score of 10, the attached file may receive a score of 20, and the MD5 signature may generate a score of 30 for a combined message score of 60. If the local exchanging system categorizes all messages with a score greater than 100 as hostile, the message may be considered indeterminate or neutral. However, in some implementations, if one of the elements of concern is exchanged with increasing frequency, the score associated with that element of concern may increase. Thus, if the sender continues to appear in messages exchanged, perhaps indicating the sender may be sending “spam” mail messages, the score associated with that sender may rise to 90, generating a new alarm score of 140 for the same message previously assigned a score of 60. In some implementations, messages having alarm scores that subsequently increase above a specified threshold may be deleted in response to such an increase. For example, a local exchanging system may categorize a message as hostile initially if the score is above 100 and subsequently re-categorize as hostile any messages whose score rises above 130. In this case, the message is categorized with a hostile indicator upon review and the message is deleted. The local exchanging system may look up messages that were initially categorized with indeterminate indicators and subsequently re-categorized as hostile, and delete the re-categorized messages.
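The alarm-score example above can be worked through in code. The following sketch is an added illustration, not code from the patent: the base scores (10, 20, 30) and the thresholds (100, 130) are the ones given above, while the growth rule (20 points per repeat sighting of a sender, capped at 90), the indeterminate floor of 50, and all sample values are assumptions.

```python
from collections import Counter

HOSTILE_ON_ARRIVAL = 100  # page: a score greater than 100 is hostile on first inspection
HOSTILE_ON_REVIEW = 130   # page: stored messages are re-categorized above 130
INDETERMINATE_FLOOR = 50  # assumption: the page gives no cutoff for "indeterminate"

# kind -> (base score, added per repeat sighting, cap). Base scores and the
# sender's ceiling of 90 are the page's numbers; the growth rule is assumed.
SCORE_RULES = {"sender": (10, 20, 90), "attachment": (20, 0, 20), "md5": (30, 0, 30)}


class AlarmScorer:
    def __init__(self):
        self.sightings = Counter()  # (kind, value) -> number of messages it appeared in
        self.stored = {}            # msg_id -> elements of accepted indeterminate mail

    def element_score(self, element):
        """Score one element of concern; repeat sightings raise it up to the cap."""
        base, step, cap = SCORE_RULES[element[0]]
        repeats = max(self.sightings[element] - 1, 0)
        return min(base + step * repeats, cap)

    def message_score(self, elements):
        return sum(self.element_score(e) for e in set(elements))

    def receive(self, msg_id, elements):
        """Record the sightings, then categorize the message on its current score."""
        self.sightings.update(set(elements))
        score = self.message_score(elements)
        if score > HOSTILE_ON_ARRIVAL:
            return "hostile", score
        if score >= INDETERMINATE_FLOOR:
            self.stored[msg_id] = tuple(elements)  # index it for later review
            return "indeterminate", score
        return "neutral", score

    def review(self):
        """Re-score indexed messages; return those whose score rose above 130."""
        rescored = {m: self.message_score(e) for m, e in self.stored.items()}
        flagged = {m: s for m, s in rescored.items() if s > HOSTILE_ON_REVIEW}
        for msg_id in flagged:
            del self.stored[msg_id]  # handed off for deletion, no longer tracked
        return flagged


def demo():
    scorer = AlarmScorer()
    sender = ("sender", "bulk@example.test")  # constructed sample values
    first = [sender, ("attachment", "offer.doc"), ("md5", "constructed-digest")]
    arrival = scorer.receive("m1", first)     # 10 + 20 + 30 = 60
    for n in range(2, 6):                     # four more messages from the same sender
        scorer.receive(f"m{n}", [sender])
    return arrival, scorer.review()           # sender now scores 90, so m1 scores 140


if __name__ == "__main__":
    print(demo())
```

The later sender-only messages peak at 90 and stay indexed; only the first message, whose attachment and MD5 scores add to the escalated sender score, crosses the review threshold.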
Determining a security condition also may include using neural networks to categorize and classify messages. The use of neural networks enables a local exchanging system to “learn” based on changing message patterns and conditions.
Implementations also may include tracking messages that include an indeterminate indicator. Generally, these implementations apply to situations where the local exchanging system has permissions over other systems, but are not limited to such situations. Implementations in which the remote system is operated by a different entity may employ a protocol to allow the tracking of messages between the entities. For example, messages A, B and C each include characteristic Z, which may generate a hostile indicator if the characteristic Z occurs above a threshold number of times. The local exchanging system 130 may store messages A, B, and C, but will track the addresses at which the messages are located. If the local exchanging system 130 exchanges message D with characteristic Z, and the threshold number of times for characteristic Z to generate a hostile indicator is four or more times, then the local exchanging system 130 may reject message D. The local exchanging system 130 also may delete messages A, B, and C in response to the threshold having been reached, even after initially processing them.
FIG. 6 illustrates a procedure 600 by which a message with an indeterminate indicator is tracked, as was described generally in step 350 of FIG. 3. The implementations used to identify the security condition may include, but are not limited to, the steps described with respect to FIGS. 4 and 5. Procedure 600 is typically performed on a message exchanging system, such as local exchanging system 130 of FIG. 1.
Initially, an exchanged message with an indeterminate indicator is processed (step 610). This generally includes transmitting a message or storing a received message.
With the message processed, the local exchanging system tracks the location of where the message is kept (step 620). Typically, this will include having a message exchanging system track the location of a message. However, implementations may include having the local exchanging system receive a location of the message from a remote exchanging system indicating where the message is kept. Other implementations of tracking the message may include tracking an instance of the message being stored in an “outbox” of sent messages on a local exchanging system. The location of this message also may be provided.
The local exchanging system exchanges additional messages (step 630). As these additional messages are exchanged, the additional messages are inspected (step 640). Inspecting the additional messages includes examining the subsequently received messages to determine whether they are unwanted (e.g., FIGS. 3-5) and updating the data store of characteristics.
The local exchanging system determines whether updating the data store of characteristics with characteristics of messages subsequently exchanged recategorizes a message previously categorized with an indeterminate indicator into a message with a hostile indicator (step 650). If so, the message is removed from storage (step 660). In cases where the message was transmitted, the local exchanging system may generate a message, alarm or indicator to the remote exchanging system that the message is now considered to have a hostile indicator. If the message has not been recategorized, the local exchanging system continues to track the message (step 670).
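Procedure 600, together with the earlier example of messages A, B, C and D sharing characteristic Z, can be sketched as follows. This is an added illustration, not code from the patent: the threshold of four is the page's, while the watch list, the address format, the system name `remote-110`, and the choice to model C as a transmitted copy (to show the notification path) are assumptions.

```python
from dataclasses import dataclass, field

HOSTILE_COUNT = 4  # page example: Z is hostile once it occurs four or more times


@dataclass
class Entry:
    """One data-store row: a counter plus the location parameter."""
    count: int = 0
    locations: list = field(default_factory=list)  # (system, address, msg_id)


class LocalExchange:
    def __init__(self, watched):
        self.store = {c: Entry() for c in watched}  # data store of characteristics
        self.storage = {}          # address -> msg_id, stand-in for local storage
        self.notices = []          # alarms owed to systems holding transmitted copies
        self.recategorized = set()

    def exchange(self, msg_id, characteristics, system="local"):
        """Inspect one message, update the store, and recategorize tracked mail."""
        hits = sorted(c for c in characteristics if c in self.store)
        for c in hits:
            self.store[c].count += 1             # step 640: update the data store
        over = [c for c in hits if self.store[c].count >= HOSTILE_COUNT]
        if over:                                 # step 650: threshold reached
            changed = []
            for c in over:
                changed += self._purge(c)        # step 660
            return "hostile", changed            # the triggering message is rejected
        address = f"{system}:/mail/{msg_id}"     # constructed address format
        if system == "local":
            self.storage[address] = msg_id       # step 610: process the message
        for c in hits:                           # step 620: track where it is kept
            self.store[c].locations.append((system, address, msg_id))
        return ("indeterminate" if hits else "neutral"), []

    def _purge(self, characteristic):
        """Walk the location parameter: delete local copies, report remote ones."""
        done = []
        for system, address, msg_id in self.store[characteristic].locations:
            if msg_id in self.recategorized:
                continue                         # already handled via another entry
            self.recategorized.add(msg_id)
            if system == "local":
                del self.storage[address]
            else:
                self.notices.append((system, msg_id))
            done.append(msg_id)
        self.store[characteristic].locations.clear()
        return done


def demo():
    ex = LocalExchange(watched={"Z"})
    states = [ex.exchange("A", {"Z"})[0],
              ex.exchange("B", {"Z", "greeting"})[0],
              ex.exchange("C", {"Z"}, system="remote-110")[0]]
    verdict, changed = ex.exchange("D", {"Z"})   # fourth occurrence of Z
    return states, verdict, changed, ex.storage, ex.notices


if __name__ == "__main__":
    print(demo())
```

Because the counter stays at or above the threshold, any later message carrying Z is rejected on arrival with nothing left to purge.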
Implementations also may include recategorizing messages with indeterminate indicators into neutral indicators if subsequently exchanged messages indicate that the message is valid. For example, a valid message sender may send valid electronic mail to a large number of recipients, such that the number of recipients happens to be more than the threshold required to generate an indeterminate indicator. In another example, a system administrator who receives an alarm about a particular profile in a message may examine the message and determine that the message is acceptable to be stored.
The message exchanging system, methods, devices and programs may be implemented in hardware or software, or a combination of both. In some implementations, the message exchanging system, methods, devices and programs are implemented in computer programs executing on programmable computers each with at least one processor, a data storage system (including volatile and/or storage elements), at least one input device, and at least one output device. Program code is applied to input data to perform the functions described herein and generate output information. The output information is applied to one or more output devices.
A number of implementations have been described. Nevertheless, it will be understood that various modifications may be made.

Claims (27)

1. A method of identifying unwanted messages, the method comprising:
inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes:
rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by:
transmitting the electronic mail message based on the address of the electronic mail message;
tracking a location of the transmitted electronic mail message;
inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
2. The method of claim 1 wherein the characteristics of the payload portion include information other than address information.
3. The method of claim 2 wherein the characteristics of the payload portion do not include address information.
4. The method of claim 1 wherein a security condition associated with an electronic mail message is identified as reflecting the unacceptable state when the comparison of the characteristics reveals a threshold number of messages having a shared characteristic.
5. The method of claim 4 wherein reprocessing the transmitted electronic mail message based on the second security condition includes deleting the transmitted electronic mail message if the security condition associated with the at least one other electronic mail message inspected subsequent to the transmitting the electronic mail message is identified as reflecting the unacceptable state and the at least one other electronic mail message has characteristics in common with the transmitted electronic mail message.
6. The method of claim 1 further comprising tracking the characteristics of the payload portion for comparison against characteristics of future electronic mail messages, wherein the characteristics of a new electronic mail message are compared with the characteristics of at least one electronic mail message that has been tracked.
7. The method of claim 6 wherein comparing the characteristics of the payload portion includes comparing the characteristics of the payload portion of electronic mail messages inspected with stored characteristics of other communicated electronic mail messages.
8. The method of claim 6 wherein the characteristics of the payload portion of the electronic mail message are tracked when the first security condition is identified as reflecting the indeterminate state.
9. The method of claim 8 wherein an indeterminate state is identified if the comparison of the characteristics does not itself reveal an unacceptable state, but the characteristics of the payload portion would reveal the unacceptable state in combination with similar characteristics of other electronic mail messages.
10. The method of claim 8 further comprising accepting the transmitted electronic mail message if the second security condition associated with the transmitted electronic mail message reflects the acceptable state.
11. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message received by a single device.
12. The method of claim 1 wherein identifying the first security condition includes comparing the characteristics of more than one electronic mail message sent by a single device.
13. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to a second security condition that reflects the unacceptable state.
14. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message includes recategorizing the first security condition of the transmitted electronic mail message to a second security condition that reflects the unacceptable state.
15. The method of claim 1 wherein identifying the first security condition as reflecting the acceptable state includes identifying the first security condition as reflecting a neutral state.
16. The method of claim 1 wherein identifying the first security condition as reflecting the unacceptable state includes identifying the first security condition as reflecting a hostile state.
17. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when the stored data is updated such that the security condition associated with an electronic mail message with certain characteristics would be identified as reflecting a state other than the indeterminate state and the security condition associated with an electronic mail message with the same characteristics would have been identified as reflecting the indeterminate state prior to the update.
18. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed if at least one other electronic mail message inspected subsequent to transmitting the electronic mail message includes a characteristic that increases the number of electronic mail messages inspected with that characteristic above a threshold level.
19. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is acceptable.
20. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message is performed when an administrator updates the stored data to indicate that at least one characteristic of an electronic mail message is unacceptable.
21. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes removing the transmitted electronic mail message from storage if the second security condition reflects the unacceptable state.
22. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes generating an alarm if the second security condition reflects the unacceptable state.
23. The method of claim 1 wherein reprocessing the transmitted electronic mail message includes continuing to track the location of the transmitted electronic mail message if the second security condition still reflects the indeterminate state.
24. The method of claim 1 wherein recategorizing the first security condition of the transmitted electronic mail message includes:
accessing the location of the electronic mail message;
retrieving the electronic mail message from the location;
inspecting the payload portion of the transmitted electronic mail message and identifying characteristics of the payload portion;
comparing the characteristics of the payload portion of the transmitted electronic mail message with the updated stored data; and
in response to comparing, identifying the second security condition from among at least one of the acceptable, unacceptable, and indeterminate states.
25. At least one storage medium storing one or more computer programs, the one or more computer programs including instructions that, when executed, perform operations comprising:
inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable and indeterminate states; and
processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes:
rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by:
transmitting the electronic mail message based on the address of the electronic mail message;
tracking a location of the transmitted electronic mail message;
inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
26. An electronic system comprising:
at least one storage element configured to store data indicating characteristics of electronic mail messages; and
at least one processor configured to execute instructions, stored on the at least one storage element, to perform operations comprising:
inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
processing the electronic mail message based on the first security condition, wherein processing the electronic mail message includes:
rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by:
transmitting the electronic mail message based on the address of the electronic mail message;
tracking a location of the transmitted electronic mail message;
inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
27. An electronic system comprising:
means for inspecting a payload portion of an electronic mail message being communicated and identifying characteristics of the payload portion, the electronic mail message including an address of a recipient;
means for comparing the characteristics of the inspected payload portion of the electronic mail message with stored data indicating characteristics of at least one other electronic mail message that has been inspected;
means for, based on comparison results, identifying a first security condition for the electronic mail message from among at least one of acceptable, unacceptable, and indeterminate states; and
means for processing the electronic mail message based on the first security condition, wherein the means for processing the electronic mail message includes:
means for rejecting the electronic mail message if the first security condition associated with the electronic mail message reflects the unacceptable state;
means for accepting the electronic mail message if the first security condition associated with the electronic mail message reflects the acceptable state; and
means for, if the first security condition associated with the electronic mail message reflects the indeterminate state, monitoring the electronic mail message by:
transmitting the electronic mail message based on the address of the electronic mail message;
tracking a location of the transmitted electronic mail message;
inspecting at least one other electronic mail message subsequent to transmitting the electronic mail message;
updating the stored data to indicate characteristics of the at least one other electronic mail message that has been inspected;
recategorizing the first security condition of the transmitted electronic mail message to a second security condition of the transmitted electronic mail message based on the updated stored data; and
reprocessing the transmitted electronic mail message based on the second security condition, wherein reprocessing the transmitted electronic mail message includes deleting the transmitted electronic mail message if the second security condition reflects the unacceptable state.
US10/059,147 2001-04-30 2002-01-31 Identifying unwanted electronic messages Active 2024-11-27 US7325249B2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/059,147 US7325249B2 (en) 2001-04-30 2002-01-31 Identifying unwanted electronic messages
US12/020,630 US7954155B2 (en) 2001-04-30 2008-01-28 Identifying unwanted electronic messages

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US28696301P 2001-04-30 2001-04-30
US10/059,147 US7325249B2 (en) 2001-04-30 2002-01-31 Identifying unwanted electronic messages

Related Child Applications (1)

Application Number Title Priority Date Filing Date
US12/020,630 Continuation US7954155B2 (en) 2001-04-30 2008-01-28 Identifying unwanted electronic messages

Publications (2)

Publication Number Publication Date
US20020162025A1 US20020162025A1 (en) 2002-10-31
US7325249B2 true US7325249B2 (en) 2008-01-29

Family

ID=26738403

Family Applications (2)

Application Number Title Priority Date Filing Date
US10/059,147 Active 2024-11-27 US7325249B2 (en) 2001-04-30 2002-01-31 Identifying unwanted electronic messages
US12/020,630 Expired - Lifetime US7954155B2 (en) 2001-04-30 2008-01-28 Identifying unwanted electronic messages

Country Status (1)

Country Link
US (2) US7325249B2 (en)



Citations (63)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4206315A (en) 1978-01-04 1980-06-03 International Business Machines Corporation Digital signature system and apparatus
US5202890A (en) 1989-06-09 1993-04-13 Matsushita Electric Industrial Co., Ltd. Block error detector
US5327486A (en) 1993-03-22 1994-07-05 Bell Communications Research, Inc. Method and system for managing telecommunications such as telephone calls
US5533110A (en) 1994-11-29 1996-07-02 Mitel Corporation Human machine interface for telephone feature invocation
US5557659A (en) 1993-06-22 1996-09-17 Hyde-Thomson; Henry C. A. Electronic mail system having integrated voice messages
US5572246A (en) 1992-04-30 1996-11-05 The Arbitron Company Method and apparatus for producing a signature characterizing an interval of a video signal while compensating for picture edge shift
US5583920A (en) 1992-04-17 1996-12-10 Bell Atlantic Intelligent peripheral in video dial tone network
EP0851355A2 (en) 1996-12-23 1998-07-01 Microsoft Corporation Cache-efficient object loader
US5793365A (en) 1996-01-02 1998-08-11 Sun Microsystems, Inc. System and method providing a computer user interface enabling access to distributed workgroup members
US5872917A (en) 1995-06-07 1999-02-16 America Online, Inc. Authentication using random challenges
US5878219A (en) 1996-03-12 1999-03-02 America Online, Inc. System for integrating access to proprietary and internet resources
US5937160A (en) 1997-05-01 1999-08-10 Reedy Creek Technologies, Inc. Systems, methods and computer program products for updating hypertext documents via electronic mail
US5960411A (en) 1997-09-12 1999-09-28 Amazon.Com, Inc. Method and system for placing a purchase order via a communications network
US5978791A (en) 1995-04-11 1999-11-02 Kinetech, Inc. Data processing system using substantially unique identifiers to identify data items, whereby identical data items have the same identifiers
US6006228A (en) 1996-12-11 1999-12-21 Ncr Corporation Assigning security levels to particular documents on a document by document basis in a database
US6012051A (en) 1997-02-06 2000-01-04 America Online, Inc. Consumer profiling system with analytic decision processor
US6014638A (en) 1996-05-29 2000-01-11 America Online, Inc. System for customizing computer displays in accordance with user preferences
US6018774A (en) 1997-07-03 2000-01-25 Yobaby Productions, Llc Method and system for creating messages including image information
US6026403A (en) 1994-03-24 2000-02-15 Ncr Corporation Computer system for management of resources
EP0982927A1 (en) 1998-08-28 2000-03-01 Hitachi, Ltd. Method of generating authentication-enabled electronic data
US6052709A (en) * 1997-12-23 2000-04-18 Bright Light Technologies, Inc. Apparatus and method for controlling delivery of unsolicited electronic mail
US6058428A (en) 1997-12-05 2000-05-02 Pictra, Inc. Method and apparatus for transferring digital images on a network
US6076111A (en) 1997-10-24 2000-06-13 Pictra, Inc. Methods and apparatuses for transferring data between data processing systems which transfer a representation of the data before transferring the data
US6085249A (en) 1997-10-24 2000-07-04 Pictra, Inc. Method and apparatuses for transferring data for multiple applications through a single communication link in response to authentication information
US6097389A (en) 1997-10-24 2000-08-01 Pictra, Inc. Methods and apparatuses for presenting a collection of digital media in a media container
US6104990A (en) 1998-09-28 2000-08-15 Prompt Software, Inc. Language independent phrase extraction
US6151584A (en) 1997-11-20 2000-11-21 Ncr Corporation Computer architecture and method for validating and collecting and metadata and data about the internet and electronic commerce environments (data discoverer)
US6161130A (en) * 1998-06-23 2000-12-12 Microsoft Corporation Technique which utilizes a probabilistic classifier to detect "junk" e-mail by automatically updating a training and re-training the classifier based on the updated training set
US6202061B1 (en) 1997-10-24 2001-03-13 Pictra, Inc. Methods and apparatuses for creating a collection of media
US6266692B1 (en) * 1999-01-04 2001-07-24 International Business Machines Corporation Method for blocking all unwanted e-mail (SPAM) using a header-based password
US6330590B1 (en) * 1999-01-05 2001-12-11 William D. Cotten Preventing delivery of unwanted bulk e-mail
US6353848B1 (en) 1998-07-31 2002-03-05 Flashpoint Technology, Inc. Method and system allowing a client computer to access a portable digital image capture unit over a network
US6356937B1 (en) 1999-07-06 2002-03-12 David Montville Interoperable full-featured web-based and client-side e-mail system
US6393465B2 (en) 1997-11-25 2002-05-21 Nixmail Corporation Junk electronic mail detector and eliminator
US20020099938A1 (en) 2001-01-23 2002-07-25 Spitz Charles F. Method and system for obtaining digital signatures
US6438597B1 (en) 1998-08-17 2002-08-20 Hewlett-Packard Company Method and system for managing accesses to a data service system that supports persistent connections
US20020116508A1 (en) 2001-02-20 2002-08-22 Sal Khan Method for secure transmission and receipt of data over a computer network using biometrics
US20020124170A1 (en) 2001-03-02 2002-09-05 Johnson William S. Secure content system and method
US6477544B1 (en) 1999-07-16 2002-11-05 Microsoft Corporation Single instance store for file systems
US6519703B1 (en) * 2000-04-14 2003-02-11 James B. Joyce Methods and apparatus for heuristic firewall
US6523115B1 (en) 1998-02-18 2003-02-18 Matsushita Electric Industrial Co., Ltd. Encryption device, decryption device, encryption method, decryption method, cryptography system, computer-readable recording medium storing encryption program, and computer-readable recording medium storing decryption program which perform error diagnosis
US20030056100A1 (en) 2001-09-14 2003-03-20 Rodney Beatson Method and system for authenticating a digitized signature for execution of an electronic document
US20030095527A1 (en) 2001-11-07 2003-05-22 Vyankatesh Shanbhag Gb parameter based radio priority
US6584564B2 (en) 2000-04-25 2003-06-24 Sigaba Corporation Secure e-mail system
US6640301B1 (en) 1999-07-08 2003-10-28 David Way Ng Third-party e-mail authentication service provider using checksum and unknown pad characters with removal of quotation indents
US6654787B1 (en) * 1998-12-31 2003-11-25 Brightmail, Incorporated Method and apparatus for filtering e-mail
US6691156B1 (en) 2000-03-10 2004-02-10 International Business Machines Corporation Method for restricting delivery of unsolicited E-mail
US20040039912A1 (en) 1999-02-26 2004-02-26 Bitwise Designs, Inc. To Authentidate Holding Corp. Computer networked system and method of digital file management and authentication
US6701440B1 (en) * 2000-01-06 2004-03-02 Networks Associates Technology, Inc. Method and system for protecting a computer using a remote e-mail scanning device
US6714982B1 (en) 2000-01-19 2004-03-30 Fmr Corp. Message passing over secure connections using a network server
US6725381B1 (en) 1999-08-31 2004-04-20 Tumbleweed Communications Corp. Solicited authentication of a specific user
US6745936B1 (en) 1996-08-23 2004-06-08 Orion Systems, Inc. Method and apparatus for generating secure endorsed transactions
US6763462B1 (en) * 1999-10-05 2004-07-13 Micron Technology, Inc. E-mail virus detection utility
US20040139327A1 (en) 1999-04-13 2004-07-15 Ilumin Corporation System and method for document-driven processing of digitally-signed electronic documents
US6766352B1 (en) 2000-05-04 2004-07-20 International Business Machines Corporation Indicator to show that a cached file is being displayed on a client system
US6772196B1 (en) 2000-07-27 2004-08-03 Propel Software Corp. Electronic mail filtering system and methods
US20040181462A1 (en) * 2000-11-17 2004-09-16 Bauer Robert D. Electronic communication service
US6799352B2 (en) 2002-08-01 2004-10-05 Boeckler Instruments Zero backlash assembly
US20040255120A1 (en) 1999-02-26 2004-12-16 Authentidate Holding Corp. Computer networked system and method of digital file management and authentication
US20060095527A1 (en) 2000-11-30 2006-05-04 Malik Dale W Method and apparatus for minimzing storage of common attachment files in an e-mail communications server
US7072942B1 (en) * 2000-02-04 2006-07-04 Microsoft Corporation Email filtering methods and systems
US7092992B1 (en) * 2001-02-01 2006-08-15 Mailshell.Com, Inc. Web page filtering including substitution of user-entered email address
US7149778B1 (en) * 2000-08-24 2006-12-12 Yahoo! Inc. Unsolicited electronic mail reduction

Family Cites Families (7)

Publication number Priority date Publication date Assignee Title
US7117358B2 (en) * 1997-07-24 2006-10-03 Tumbleweed Communications Corp. Method and system for filtering communication
US6829607B1 (en) * 2000-04-24 2004-12-07 Microsoft Corporation System and method for facilitating user input by automatically providing dynamically generated completion information
US6757830B1 (en) * 2000-10-03 2004-06-29 Networks Associates Technology, Inc. Detecting unwanted properties in received email messages
JP2002163341A (en) 2000-11-29 2002-06-07 Klc:Kk Transaction mediating method, and system and device for mediating transaction of liquors
US8219620B2 (en) * 2001-02-20 2012-07-10 Mcafee, Inc. Unwanted e-mail filtering system including voting feedback
US20030050981A1 (en) * 2001-09-13 2003-03-13 International Business Machines Corporation Method, apparatus, and program to forward and verify multiple digital signatures in electronic mail
KR100460322B1 (en) * 2002-05-31 2004-12-08 (주) 시큐컴 System and Method for preventing spam mails

Non-Patent Citations (5)

Title
"AOL Instant Messenger Windows Beta Features," Jun. 24, 1999, 2 pgs.: AOL Instant Messenger All New Version 2.0, 2 pgs., Jun. 24, 1999; What is AOL Instant Messenger, 3 pgs, Jun. 24, 1999; Quick Tips for Getting Started, 5 pgs., Jun. 24, 1999; Frequently Asked Questions About AOL Instant Messenger, 6 pgs. Jun. 24, 1999.
"AOL technology: turning complicated things into engaging services," 1996 Annual Report, 22 pgs.
"YAHOO! Messenger Makes the World a Little Smaller, More Informed," pp. 1-2, Jun. 21, 1999.
Alan Cohen, "Instant Messaging," Apr. 13, 1999, PC Magazine, PC Labs, 2 pgs.
Japanese Application (PAJ) 2002-163341. *

Cited By (108)

Publication number Priority date Publication date Assignee Title
US7499529B1 (en) * 2001-12-11 2009-03-03 Verizon Laboratories, Inc. Systems and methods for providing filtered message delivery
US20080147815A1 (en) * 2002-03-01 2008-06-19 Tralix, L.L.C. Systems and methods for providing electronic mail message header information
US20080037728A1 (en) * 2004-09-10 2008-02-14 France Telecom Sa Method Of Monitoring A Message Stream Transmitted And/Or Received By An Internet Access Provider Customer Within A Telecommunication Network
US20060195451A1 (en) * 2005-02-28 2006-08-31 Microsoft Corporation Strategies for ensuring that executable content conforms to predetermined patterns of behavior ("inverse virus checking")
US8037534B2 (en) * 2005-02-28 2011-10-11 Smith Joseph B Strategies for ensuring that executable content conforms to predetermined patterns of behavior (“inverse virus checking”)
US8001193B2 (en) * 2005-05-17 2011-08-16 Ntt Docomo, Inc. Data communications system and data communications method for detecting unsolicited communications
US20060262867A1 (en) * 2005-05-17 2006-11-23 Ntt Docomo, Inc. Data communications system and data communications method
US20070022168A1 (en) * 2005-07-19 2007-01-25 Kabushiki Kaisha Toshiba Communication terminal and customize method
US20070180528A1 (en) * 2006-01-25 2007-08-02 Computer Associates Think, Inc. System and method for reducing antivirus false positives
US8713686B2 (en) * 2006-01-25 2014-04-29 Ca, Inc. System and method for reducing antivirus false positives
US20070233697A1 (en) * 2006-03-30 2007-10-04 Nec Corporation System and method for avoiding notification of unwanted information
US20070288575A1 (en) * 2006-06-09 2007-12-13 Microsoft Corporation Email addresses relevance determination and uses
US8307038B2 (en) 2006-06-09 2012-11-06 Microsoft Corporation Email addresses relevance determination and uses
US20080021961A1 (en) * 2006-07-18 2008-01-24 Microsoft Corporation Real-time detection and prevention of bulk messages
US7734703B2 (en) * 2006-07-18 2010-06-08 Microsoft Corporation Real-time detection and prevention of bulk messages
US20080177843A1 (en) * 2007-01-22 2008-07-24 Microsoft Corporation Inferring email action based on user input
US9100389B2 (en) 2008-10-21 2015-08-04 Lookout, Inc. Assessing an application based on application data associated with the application
US20120233695A1 (en) * 2008-10-21 2012-09-13 Lookout, Inc., A California Corporation System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment
US8365252B2 (en) 2008-10-21 2013-01-29 Lookout, Inc. Providing access levels to services based on mobile device security state
US8381303B2 (en) 2008-10-21 2013-02-19 Kevin Patrick Mahaffey System and method for attack and malware prevention
US11080407B2 (en) 2008-10-21 2021-08-03 Lookout, Inc. Methods and systems for analyzing data after initial analyses by known good and known bad security components
US10509911B2 (en) 2008-10-21 2019-12-17 Lookout, Inc. Methods and systems for conditionally granting access to services based on the security state of the device requesting access
US20130117846A1 (en) * 2008-10-21 2013-05-09 Lookout, Inc., A California Corporation System and method for server-coupled application re-analysis to obtain characterization assessment
US10509910B2 (en) 2008-10-21 2019-12-17 Lookout, Inc. Methods and systems for granting access to services based on a security state that varies with the severity of security events
US8505095B2 (en) 2008-10-21 2013-08-06 Lookout, Inc. System and method for monitoring and analyzing multiple interfaces and multiple protocols
US8510843B2 (en) 2008-10-21 2013-08-13 Lookout, Inc. Security status and information display system
US8533844B2 (en) 2008-10-21 2013-09-10 Lookout, Inc. System and method for security data collection and analysis
US10417432B2 (en) 2008-10-21 2019-09-17 Lookout, Inc. Methods and systems for blocking potentially harmful communications to improve the functioning of an electronic device
US8544095B2 (en) * 2008-10-21 2013-09-24 Lookout, Inc. System and method for server-coupled application re-analysis
US8561144B2 (en) 2008-10-21 2013-10-15 Lookout, Inc. Enforcing security based on a security state assessment of a mobile device
US9996697B2 (en) 2008-10-21 2018-06-12 Lookout, Inc. Methods and systems for blocking the installation of an application to improve the functioning of a mobile communications device
US9860263B2 (en) 2008-10-21 2018-01-02 Lookout, Inc. System and method for assessing data objects on mobile communications devices
US9779253B2 (en) 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses to improve the functioning of mobile communications devices
US8683593B2 (en) 2008-10-21 2014-03-25 Lookout, Inc. Server-assisted analysis of data for a mobile device
US9781148B2 (en) 2008-10-21 2017-10-03 Lookout, Inc. Methods and systems for sharing risk responses between collections of mobile communications devices
US20120290640A1 (en) * 2008-10-21 2012-11-15 Lookout, Inc., A California Corporation System and method for server-coupled application re-analysis
US9740852B2 (en) 2008-10-21 2017-08-22 Lookout, Inc. System and method for assessing an application to be installed on a mobile communications device
US8745739B2 (en) * 2008-10-21 2014-06-03 Lookout, Inc. System and method for server-coupled application re-analysis to obtain characterization assessment
US8752176B2 (en) * 2008-10-21 2014-06-10 Lookout, Inc. System and method for server-coupled application re-analysis to obtain trust, distribution and ratings assessment
US8347386B2 (en) 2008-10-21 2013-01-01 Lookout, Inc. System and method for server-coupled malware prevention
US9407640B2 (en) 2008-10-21 2016-08-02 Lookout, Inc. Assessing a security state of a mobile communications device to determine access to specific tasks
US9367680B2 (en) 2008-10-21 2016-06-14 Lookout, Inc. System and method for mobile communication device application advisement
US9344431B2 (en) 2008-10-21 2016-05-17 Lookout, Inc. System and method for assessing an application based on data from multiple devices
US8826441B2 (en) 2008-10-21 2014-09-02 Lookout, Inc. Event-based security state assessment and display for mobile devices
US9294500B2 (en) 2008-10-21 2016-03-22 Lookout, Inc. System and method for creating and applying categorization-based policy to secure a mobile communications device from access to certain data objects
US9245119B2 (en) 2008-10-21 2016-01-26 Lookout, Inc. Security status assessment using mobile device security information database
US8875289B2 (en) 2008-10-21 2014-10-28 Lookout, Inc. System and method for preventing malware on a mobile communication device
US8881292B2 (en) 2008-10-21 2014-11-04 Lookout, Inc. Evaluating whether data is safe or malicious
US9235704B2 (en) 2008-10-21 2016-01-12 Lookout, Inc. System and method for a scanning API
US8984628B2 (en) 2008-10-21 2015-03-17 Lookout, Inc. System and method for adverse mobile application identification
US8997181B2 (en) 2008-10-21 2015-03-31 Lookout, Inc. Assessing the security state of a mobile communications device
US9223973B2 (en) 2008-10-21 2015-12-29 Lookout, Inc. System and method for attack and malware prevention
US9043919B2 (en) 2008-10-21 2015-05-26 Lookout, Inc. Crawling multiple markets and correlating
US9065846B2 (en) 2008-10-21 2015-06-23 Lookout, Inc. Analyzing data gathered through different protocols
US8774788B2 (en) 2009-02-17 2014-07-08 Lookout, Inc. Systems and methods for transmitting a communication based on a device leaving or entering an area
US9100925B2 (en) 2009-02-17 2015-08-04 Lookout, Inc. Systems and methods for displaying location information of a device
US9167550B2 (en) 2009-02-17 2015-10-20 Lookout, Inc. Systems and methods for applying a security policy to a device based on location
US9179434B2 (en) 2009-02-17 2015-11-03 Lookout, Inc. Systems and methods for locking and disabling a device in response to a request
US8682400B2 (en) 2009-02-17 2014-03-25 Lookout, Inc. Systems and methods for device broadcast of location information when battery is low
US9955352B2 (en) 2009-02-17 2018-04-24 Lookout, Inc. Methods and systems for addressing mobile communications devices that are lost or stolen but not yet reported as such
US9042876B2 (en) 2009-02-17 2015-05-26 Lookout, Inc. System and method for uploading location information based on device movement
US9232491B2 (en) 2009-02-17 2016-01-05 Lookout, Inc. Mobile device geolocation
US8929874B2 (en) 2009-02-17 2015-01-06 Lookout, Inc. Systems and methods for remotely controlling a lost mobile communications device
US8538815B2 (en) 2009-02-17 2013-09-17 Lookout, Inc. System and method for mobile device replacement
US8855601B2 (en) 2009-02-17 2014-10-07 Lookout, Inc. System and method for remotely-initiated audio communication
US9569643B2 (en) 2009-02-17 2017-02-14 Lookout, Inc. Method for detecting a security event on a portable electronic device and establishing audio transmission with a client computer
US8825007B2 (en) 2009-02-17 2014-09-02 Lookout, Inc. Systems and methods for applying a security policy to a device based on a comparison of locations
US8635109B2 (en) 2009-02-17 2014-01-21 Lookout, Inc. System and method for providing offers for mobile devices
US10623960B2 (en) 2009-02-17 2020-04-14 Lookout, Inc. Methods and systems for enhancing electronic device security by causing the device to go into a mode for lost or stolen devices
US10419936B2 (en) 2009-02-17 2019-09-17 Lookout, Inc. Methods and systems for causing mobile communications devices to emit sounds with encoded information
US8467768B2 (en) 2009-02-17 2013-06-18 Lookout, Inc. System and method for remotely securing or recovering a mobile device
USRE47757E1 (en) 2009-11-18 2019-12-03 Lookout, Inc. System and method for identifying and assessing vulnerabilities on a mobile communications device
USRE48669E1 (en) 2009-11-18 2021-08-03 Lookout, Inc. System and method for identifying and [assessing] remediating vulnerabilities on a mobile communications device
US8397301B2 (en) 2009-11-18 2013-03-12 Lookout, Inc. System and method for identifying and assessing vulnerabilities on a mobile communication device
USRE49634E1 (en) 2009-11-18 2023-08-29 Lookout, Inc. System and method for determining the risk of vulnerabilities on a mobile communications device
USRE46768E1 (en) 2009-11-18 2018-03-27 Lookout, Inc. System and method for identifying and assessing vulnerabilities on a mobile communications device
US8606868B2 (en) 2011-06-10 2013-12-10 International Business Machines Corporation Community based measurement of capabilities and availability
US9319292B2 (en) 2011-06-14 2016-04-19 Lookout, Inc. Client activity DNS optimization
US8738765B2 (en) 2011-06-14 2014-05-27 Lookout, Inc. Mobile device DNS optimization
US8788881B2 (en) 2011-08-17 2014-07-22 Lookout, Inc. System and method for mobile device push communications
US10181118B2 (en) 2011-08-17 2019-01-15 Lookout, Inc. Mobile communications device payment method utilizing location information
US8825777B2 (en) * 2011-10-05 2014-09-02 Blackberry Limited Selective delivery of social network messages within a social network
US20130091223A1 (en) * 2011-10-05 2013-04-11 Research In Motion Limited Selective delivery of social network messages within a social network
US9589129B2 (en) 2012-06-05 2017-03-07 Lookout, Inc. Determining source of side-loaded software
US9940454B2 (en) 2012-06-05 2018-04-10 Lookout, Inc. Determining source of side-loaded software using signature of authorship
US9992025B2 (en) 2012-06-05 2018-06-05 Lookout, Inc. Monitoring installed applications on user devices
US9407443B2 (en) 2012-06-05 2016-08-02 Lookout, Inc. Component analysis of software applications on computing devices
US11336458B2 (en) 2012-06-05 2022-05-17 Lookout, Inc. Evaluating authenticity of applications based on assessing user device context for increased security
US9215074B2 (en) 2012-06-05 2015-12-15 Lookout, Inc. Expressing intent to control behavior of application components
US10419222B2 (en) 2012-06-05 2019-09-17 Lookout, Inc. Monitoring for fraudulent or harmful behavior in applications being installed on user devices
US10256979B2 (en) 2012-06-05 2019-04-09 Lookout, Inc. Assessing application authenticity and performing an action in response to an evaluation result
US8655307B1 (en) 2012-10-26 2014-02-18 Lookout, Inc. System and method for developing, updating, and using user device behavioral context models to modify user, device, and application state, settings and behavior for enhanced user security
US9408143B2 (en) 2012-10-26 2016-08-02 Lookout, Inc. System and method for using context models to control operation of a mobile communications device
US9769749B2 (en) 2012-10-26 2017-09-19 Lookout, Inc. Modifying mobile device settings for resource conservation
US9208215B2 (en) 2012-12-27 2015-12-08 Lookout, Inc. User classification based on data gathered from a computing device
US9374369B2 (en) 2012-12-28 2016-06-21 Lookout, Inc. Multi-factor authentication and comprehensive login system for client-server networks
US8855599B2 (en) 2012-12-31 2014-10-07 Lookout, Inc. Method and apparatus for auxiliary communications with mobile communications device
US9424409B2 (en) 2013-01-10 2016-08-23 Lookout, Inc. Method and system for protecting privacy and enhancing security on an electronic device
US10452862B2 (en) 2013-10-25 2019-10-22 Lookout, Inc. System and method for creating a policy for managing personal data on a mobile communications device
US10990696B2 (en) 2013-10-25 2021-04-27 Lookout, Inc. Methods and systems for detecting attempts to access personal information on mobile communications devices
US9642008B2 (en) 2013-10-25 2017-05-02 Lookout, Inc. System and method for creating and assigning a policy for a mobile communications device based on personal data
US10742676B2 (en) 2013-12-06 2020-08-11 Lookout, Inc. Distributed monitoring and evaluation of multiple devices
US10122747B2 (en) 2013-12-06 2018-11-06 Lookout, Inc. Response generation after distributed monitoring and evaluation of multiple devices
US9753796B2 (en) 2013-12-06 2017-09-05 Lookout, Inc. Distributed monitoring, evaluation, and response for multiple devices
US10540494B2 (en) 2015-05-01 2020-01-21 Lookout, Inc. Determining source of side-loaded software using an administrator server
US11259183B2 (en) 2015-05-01 2022-02-22 Lookout, Inc. Determining a security state designation for a computing device based on a source of software
US11038876B2 (en) 2017-06-09 2021-06-15 Lookout, Inc. Managing access to services based on fingerprint matching
US10218697B2 (en) 2017-06-09 2019-02-26 Lookout, Inc. Use of device risk evaluation to manage access to services

Also Published As

Publication number Publication date
US20080120704A1 (en) 2008-05-22
US20020162025A1 (en) 2002-10-31
US7954155B2 (en) 2011-05-31

Similar Documents

Publication Publication Date Title
US7325249B2 (en) Identifying unwanted electronic messages
US10581778B2 (en) Method and system for filtering communication
US8881277B2 (en) Method and systems for collecting addresses for remotely accessible information sources
US7117358B2 (en) Method and system for filtering communication
US7603472B2 (en) Zero-minute virus and spam detection
US8108477B2 (en) Message classification using legitimate contact points
EP1877904B1 (en) Detecting unwanted electronic mail messages based on probabilistic analysis of referenced resources
US8725889B2 (en) E-mail management services
AU2004202268B2 (en) Origination/destination features and lists for spam prevention
US20050015626A1 (en) System and method for identifying and filtering junk e-mail messages or spam based on URL content
US20050081059A1 (en) Method and system for e-mail filtering
US20060036690A1 (en) Network protection system
US20050055404A1 (en) E-mail server registry and method

Legal Events

Date Code Title Description
AS Assignment

Owner name: AMERICA ONLINE, INC., VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:SUTTON, LORIN;DESPAUX, CRAIG E.;ADAMSKI, MICHAEL;REEL/FRAME:012917/0617;SIGNING DATES FROM 20020520 TO 20020521

AS Assignment

Owner name: AOL LLC, A DELAWARE LIMITED LIABILITY COMPANY (FOR

Free format text: CHANGE OF NAME;ASSIGNOR:AMERICA ONLINE, INC.;REEL/FRAME:020215/0686

Effective date: 20060403

STCF Information on status: patent grant

Free format text: PATENTED CASE

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

AS Assignment

Owner name: BANK OF AMERICAN, N.A. AS COLLATERAL AGENT, TEXAS

Free format text: SECURITY AGREEMENT;ASSIGNORS:AOL INC.;AOL ADVERTISING INC.;BEBO, INC.;AND OTHERS;REEL/FRAME:023649/0061

Effective date: 20091209

AS Assignment

Owner name: AOL INC., VIRGINIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AOL LLC;REEL/FRAME:023723/0645

Effective date: 20091204

AS Assignment

Owner name: TACODA LLC, NEW YORK

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: NETSCAPE COMMUNICATIONS CORPORATION, VIRGINIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: QUIGO TECHNOLOGIES LLC, NEW YORK

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: SPHERE SOURCE, INC, VIRGINIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: YEDDA, INC, VIRGINIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: MAPQUEST, INC, COLORADO

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: LIGHTNINGCAST LLC, NEW YORK

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: GOING INC, MASSACHUSETTS

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: AOL ADVERTISING INC, NEW YORK

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: AOL INC, VIRGINIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

Owner name: TRUVEO, INC, CALIFORNIA

Free format text: TERMINATION AND RELEASE OF SECURITY INTEREST IN PATENT RIGHTS;ASSIGNOR:BANK OF AMERICA, N A;REEL/FRAME:025323/0416

Effective date: 20100930

FPAY Fee payment

Year of fee payment: 4

AS Assignment

Owner name: MARATHON SOLUTIONS LLC, WASHINGTON

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:AOL INC.;REEL/FRAME:028911/0969

Effective date: 20120614

AS Assignment

Owner name: BRIGHT SUN TECHNOLOGIES, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MARATHON SOLUTIONS LLC;REEL/FRAME:030091/0483

Effective date: 20130312

XAS Not any more in us assignment database

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MARATHON SOLUTIONS LLC;REEL/FRAME:030091/0483

AS Assignment

Owner name: BRIGHT SUN TECHNOLOGIES, CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:MARATHON SOLUTIONS LLC;REEL/FRAME:031900/0494

Effective date: 20130312

AS Assignment

Owner name: GOOGLE INC., CALIFORNIA

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:BRIGHT SUN TECHNOLOGIES;REEL/FRAME:033074/0009

Effective date: 20140128

FPAY Fee payment

Year of fee payment: 8

AS Assignment

Owner name: GOOGLE LLC, CALIFORNIA

Free format text: CHANGE OF NAME;ASSIGNOR:GOOGLE INC.;REEL/FRAME:044127/0735

Effective date: 20170929

MAFP Maintenance fee payment

Free format text: PAYMENT OF MAINTENANCE FEE, 12TH YEAR, LARGE ENTITY (ORIGINAL EVENT CODE: M1553); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Year of fee payment: 12